Hello,
You're right, SAML generally uses fewer resources on the ProxySG compared to Kerberos due to the way they handle authentication. SAML uses a cookie to store authentication information. This cookie is sent with each request, but the ProxySG only needs to process it once per session. Reduced resource consumption on the ProxySG as it doesn't need to handle individual TCP connection details for authentication.
Kerberos relies on details within each TCP connection for authentication. Requires the ProxySG to process authentication information for every TCP connection. This can consume more resources, especially for users who open many connections.
Best Regards,
nystateofhealth